Package: heartbeat
Severity: serious
Tags: security

According to http://secunia.com/advisories/16039:

> Eric Romang has reported a vulnerability in heartbeat, which can be exploited
> by malicious, local users to perform certain actions on a vulnerable system
> with escalated privileges.
>
> The vulnerability is caused due to several temporary files being created
> insecurely in "/tmp" by "cts/CTStests.py.in",
> "heartbeat/lib/BasicSanityCheck.in" and "lib/stonith/meatclient.c". This can
> be exploited via symlink attacks to create or overwrite arbitrary files with the
> privileges of the user running the affected application.
>
> The vulnerability has been reported in versions 1.2.3 and prior.

This has been assigned CAN-2005-2231. I have not verified the holes.

-- 
see shy jo
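The class of bug the advisory describes, shown beside two safer ways to create a scratch file. This is an added example, not heartbeat's code; the helper names and file names are constructed for illustration, and a private scratch directory stands in for a shared /tmp.

```python
import os
import pathlib
import shutil
import tempfile

def unsafe_write(path, data):
    # Vulnerable pattern: predictable name, and open() follows an existing symlink.
    with open(path, "w") as fh:
        fh.write(data)

def exclusive_write(path, data):
    # O_EXCL fails if anything, a symlink included, already exists at path.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def unique_write(directory, data):
    # mkstemp picks an unpredictable name and creates it exclusively, mode 0600.
    fd, path = tempfile.mkstemp(prefix="hb-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    scratch = tempfile.mkdtemp()  # private directory standing in for a shared /tmp
    try:
        victim = os.path.join(scratch, "victim.conf")
        fixed = os.path.join(scratch, "app.tmp")  # constructed predictable name
        unsafe_write(victim, "original")  # set up the file the link points at
        os.symlink(victim, fixed)  # a link already sits at the predictable name
        try:
            exclusive_write(fixed, "scratch")
            refused = False
        except FileExistsError:
            refused = True
        intact = pathlib.Path(victim).read_text() == "original"
        unique = unique_write(scratch, "scratch")
        private = not os.path.islink(unique) and (os.stat(unique).st_mode & 0o077) == 0
        unsafe_write(fixed, "scratch")  # follows the link and rewrites its target
        clobbered = pathlib.Path(victim).read_text() == "scratch"
        return {"refused": refused, "intact": intact, "private": private, "clobbered": clobbered}
    finally:
        shutil.rmtree(scratch)

if __name__ == "__main__":
    print(demo())
```

For shell scripts the equivalent is `mktemp`, and in C it is `mkstemp(3)`; both create the file exclusively instead of trusting a fixed name.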